Identify the various authorized tasks to be performed by users. Group closely related tasks. Groupings can be based on any organizational structure - departmental, functional, and so on. Assign a name to each grouping. These groupings are the roles you will create.

Identify the system privileges and object-level privileges required to perform each task that has been identified.

Identify the users that need to perform the various authorized tasks, including those who will require the roles you are going to create.

(Optional) Identify administrators for the roles you are going to create. Administrators can grant and revoke the role to other users.

(Optional) Identify administrators for the system privileges and object-level privileges that are not part of the roles you will be creating.

Create the required roles.

For each role, grant the required system privileges and object-level privileges.

Create the users.

Grant the applicable roles to the users, including granting administrative rights where applicable.

Grant any additional roles and privileges needed by individual users.